Created on 11-19-2021 02:22 AM Edited on 06-02-2022 10:29 AM By Anonymous
Description | This article describes how to check certificate validity and expiration dates on managed FortiGates centrally through the FortiManager API. |
Scope | |
Solution |
The following certificate (SelfSigned-SubCA) is installed on the FortiGate to perform deep inspection.
If the device in question is managed by FortiManager, it is possible to keep track of each certificate's expiration date via FMG / the FMG API. The screenshot below demonstrates that FortiManager also holds information about the certificate, such as its expiration date, serial number, etc.
This information can be tracked via FortiManager with two methods:

1- Directly via an API query.

{
  "id": 1,
  "method": "get",
  "params": [
    {
      "data": [],
      "url": "/pm/config/device/FG3H0E-4/vdom/root/vpn/certificate/local/"
    }
  ],
  "session": "G+mzYAGgD4pNB1LD9bpOcUhCQLgotAJ+pZo6uyUNqnet2DwfsqX6Tjj0mm+xk5/yEiCUOm+1LTHF8d+3uASDhQ=="
}
The above query lists all the local certificates in the root VDOM of the device “FG3H0E-4” on FortiManager.
It is also possible to query certificate attributes individually by using the certificate name in the API query, such as: "/pm/config/device/FG3H0E-4/vdom/root/vpn/certificate/local/SelfSigned-SubCA", where SelfSigned-SubCA is the name of the certificate located in the root VDOM.
The output will return the expiration date of the certificate.

2- The second method is to run a script directly on the FortiGate that collects the same attributes, and then query the script result via the API.
As the script runs on the FortiGate directly, it is also possible to schedule it. Once the certificate attributes have been collected in the FortiManager script output, all that needs to be done is to query this information via the API.
{
  "id": 1,
  "method": "get",
  "params": [
    {
      "data": [],
      "url": "/dvmdb/adom/TEST-CERT/script/log/latest/device/FG3H0E-4/"
    }
  ],
  "session": "G+mzYAGgD4pNB1LD9bpOcUhCQLgotAJ+pZo6uyUNqnet2DwfsqX6Tjj0mm+xk5/yEiCUOm+1LTHF8d+3uASDhQ=="
}
The second approach can be leveraged to collect a wide range of information from all the managed FortiGates centrally. Detailed information regarding API usage can be found at https://fndn.fortinet.net/ |
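
One way to turn the response to the first query above into an expiry report, as an added example that is not Fortinet's code. The response envelope and the `name` and `expiry` keys in the constructed sample are assumptions to adapt to the real output, and `build_request` and `classify` are hypothetical helper names.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample response (not real output). The result/status/data envelope
# and the per-certificate keys "name" and "expiry" are assumptions; match them
# to what your FortiManager actually returns.
SAMPLE_RESPONSE = json.dumps({"id": 1, "result": [{
    "status": {"code": 0, "message": "OK"},
    "url": "/pm/config/device/FG3H0E-4/vdom/root/vpn/certificate/local/",
    "data": [
        {"name": "SelfSigned-SubCA", "expiry": "2022-01-10 09:00:00"},
        {"name": "Example-Cert-A", "expiry": "2021-11-01 00:00:00"},
        {"name": "Example-Cert-B", "expiry": "2031-11-17 00:00:00"},
        {"name": "Example-Cert-C", "expiry": ""},
    ]}]})

def build_request(device, vdom, session, cert_name=""):
    """Request body from the article; an empty cert_name lists every local certificate."""
    url = f"/pm/config/device/{device}/vdom/{vdom}/vpn/certificate/local/{cert_name}"
    return {"id": 1, "method": "get", "params": [{"data": [], "url": url}],
            "session": session}

def classify(response_text, now, warn_days=60, name_key="name", expiry_key="expiry"):
    """Map each certificate name to 'expired', 'expiring', 'ok' or 'unknown'."""
    result = json.loads(response_text)["result"][0]
    if result["status"]["code"] != 0:
        raise RuntimeError(f"FortiManager returned an error: {result['status']}")
    data = result.get("data") or []
    if isinstance(data, dict):  # a query for one certificate name
        data = [data]
    verdicts = {}
    for cert in data:
        name = cert.get(name_key, "<unnamed>")
        try:
            expiry = datetime.strptime(cert[expiry_key], "%Y-%m-%d %H:%M:%S")
            expiry = expiry.replace(tzinfo=timezone.utc)  # assumed to be UTC
        except (KeyError, ValueError, TypeError):
            verdicts[name] = "unknown"  # unreadable date is surfaced, never treated as ok
            continue
        if expiry <= now:
            verdicts[name] = "expired"
        elif expiry - now <= timedelta(days=warn_days):
            verdicts[name] = "expiring"
        else:
            verdicts[name] = "ok"
    return verdicts

if __name__ == "__main__":  # fixed date so the run is repeatable
    print(classify(SAMPLE_RESPONSE, datetime(2021, 11, 19, tzinfo=timezone.utc)))
```

Certificates whose date cannot be parsed are reported as `unknown` so that a change in the response format shows up in the report instead of silently passing.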